Comprehensive Explanation

rot

Definition

The rot field is a JSON attribute used in KERI protocol messages to represent rotation events - establishment events that change the authoritative key state of an Autonomic Identifier (AID). The field's value contains a hash pointer (cryptographic digest) that creates a verifiable chain linking each rotation to its predecessor event, enabling cryptographic verification of the complete key management history.

Context in KERI/ACDC

Role in Key Event Logs

Rotation events are fundamental to KERI's security model, enabling transferable identifiers that can maintain persistent control despite key compromise or planned key lifecycle management. Each rotation event:

• Revokes the current set of authoritative keypairs
• Establishes a new set of authoritative keypairs
• Commits to the next rotation keys via pre-rotation digests
• References the prior event through the hash pointer in the rot field

This creates an append-only, cryptographically chained log where any tampering becomes immediately evident through broken hash chains.

Pre-Rotation Security

The rotation mechanism implements KERI's innovative pre-rotation scheme, where each rotation event includes a cryptographic digest of the next rotation keys. This provides:

• Forward security: Compromise of current keys cannot affect pre-committed future keys
• Post-quantum resistance: Hash-based commitments remain secure even against quantum attacks
• Recovery capability: Controllers can recover from key compromise using unexposed rotation keys

TEL Anchoring Architecture

A critical architectural role of rotation events is anchoring Transaction Event Logs (TELs) to KELs. All TEL events (which track credential issuance/revocation state) must be anchored to a KEL through either:

• rot (rotation events)
• ixn (interaction events)

This anchoring provides the cryptographic foundation for verifiable credential protocols built on KERI, as credential state changes inherit the security properties of the underlying KEL.

Event Structure

Rotation events contain:

• Previous event digest (p field): Creates backward chaining
• Current keys (k field): New authoritative signing keys
• Next key digest (n field): Pre-rotation commitment
• Thresholds (kt, nt fields): Signature requirements
• Witness configuration (wt, wr, wa fields): Witness management

Related Terms

• Inception Event: The first establishment event that creates an AID
• Interaction Event: Non-establishment events that anchor data without changing keys
• Pre-rotation: The cryptographic commitment mechanism enabling secure key rotation
• Key Event Log (KEL): The complete verifiable history of all key events
• Transaction Event Log (TEL): Credential state logs anchored to KELs via rotation/interaction events